Topic: OSPF metric help

I have successfully set up OSPF with dual OpenVPN tunnels in a Multi-WAN client/server setup.

Failover works well: I can down the active WAN, and OSPF kicks in and routes OpenVPN traffic over the secondary WAN. I can happily flip between the two WANs all day long with no problems at all.

My problem is with load balancing. Both of my OpenVPN connections are assigned to interfaces which are then assigned in OSPFd. I have given both the interfaces a metric of 10. When I start two simultaneous pings (via two separate PCs) from Site B to Site A, traffic graphs only show one WAN being utilised.

AFAIK OSPF only seems to add 1 route to the routing table even though multiple are available with the same metric... I don't know if it's impossible with BSD or if it just isn't implemented at the moment.

If you really want balancing, I'm pretty sure you could create a gateway group and balance your VPN tunnels the same way you would balance WAN connections: create a gateway group, then create a firewall rule to point all traffic with destination 192.168.2.0/24 over the gateway group.

I have tried the gateway group method and can confirm that load balancing does work with that, however failover doesn't. If you down the WAN that is currently associated with the active ovpnc entry in the routing table then the tunnel doesn't activate on the 2nd WAN.

OpenVPN seems to obey the routing table and not the gateway group for return traffic.

I think in order to achieve load balancing and failover for OpenVPN, a combination of gateway group and OSPF is needed; I'm just not sure how.

Forgive me for hijacking your thread. May I ask how you configured your OSPF with failover? I did assign my OSPF, same as yours, to 2 OpenVPN interfaces with different metrics. And yet when I force my primary link down, it won't fail over to the backup link, but the FIB's routes are updated. When I restart my OSPF service the destination subnets are now reachable. Hope you can help me with this. Thank you in advance.

The OpenOSPFD package is a bit broken these days; you might give my Quagga-OSPF package a spin (after removing OpenOSPFD). Settings are essentially the same between them, but Quagga appears to work much better with FreeBSD's routing tables, whereas OpenOSPFD still seems to assume it's working on OpenBSD even when running on FreeBSD...